Oracle has put out a public alert on several new security vulnerabilities. Some of them could allow a remote attacker to execute arbitrary code on an affected system. Ie somebody could write a network worm infecting Oracle database servers that are online.

Remembering that Slammer worm (which was the largest attack against the internet, ever) targeted MS SQL Server database servers, this thought is probably not too far-fetched.

Then again, Slammer was based on public exploit code. Such code is not available for most of these new Oracle vulnerabilities. At least yet.